gateway=true on the /cas/login URL will fish for a transparent CAS authentication without CAS presenting the user a login experience.
If that fails to yield a CAS service ticket (since the user wasn't logged in to CAS and logging in would have required presenting a login user experience), then you're stuck: the only way to recheck to see if you can later pick up a transparent authentication would be to send the user back to /cas/login with gateway=true. However, if you did get a CAS service ticket from your /cas/login?gatway=true authentication, you could choose to get a Proxy Granting Ticket when you validate that Service Ticket. Then you can use the Proxy Granting Ticket to get proxy tickets. Getting a proxy ticket always requires a response from the CAS server and will fail when the user's TGT session expires or they explicitly log out of CAS. As discussed in another recent thread, potentially annoyingly, the PGT may expire or become invalid in situations where the TGT has not yet expired or become invalid. Nonetheless, validating a PGT as a way to recheck whether the user is still logged in to CAS. Hope this helps, Andrew On 11/16/2010 08:07 PM, Jacob Miller wrote: > Hey all, > I was curious if there was an api call similar to > ForceAuthentication(), but one that doesn't force a log in if the user > hasn't already. Essentially, I'm looking for a way to ensure that I'm > bypassing the local applications authentication cache and get a > response directly from the server. Anyone know of a way to do this? > -- > You are currently subscribed tocas-...@lists.jasig.org > <mailto:cas-dev@lists.jasig.org> as: ape...@unicon.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
